Tag Archive

Buying computer hardware can be a mind-numbing and mystifying task.

Jungle Computer will help you select the best possible hardware and software solution for your business. Cost-effective installation services are available for your entire business, including Servers, PCs, mobile devices, routers, switches, VPNs and peripheral devices.

As your IT security provider, we wanted to update you on some recent breaking news.

ESET has discovered a new malware strain designed specifically to target industrial control systems-such as electric power grids.

The malware, detected by ESET as Win32/Industroyer, is believed to have been used in the December 2016 attack on Ukraine’s power grid that caused a major blackout.

ESET detects and blocks Industroyer. Our role in identifying this threat is just another example of our commitment to innovation and technical excellence.

Industroyer: Biggest threat to industrial control systems since Stuxnet

The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of malware, detected by ESET as Win32/Industroyer, capable of performing exactly that type of attack.

Whether the same malware was really involved in what cybersecurity experts consider to have been a large-scale test is yet to be confirmed. Regardless, the malware is capable of doing significant harm to electric power systems and could also be refitted to target other types of critical infrastructure.

Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).

These switches and circuit breakers are digital equivalents of analogue switches; technically they can be engineered to perform various functions. Thus, the potential impact may range from simply turning off power distribution, cascading failures and more serious damage to equipment. The severity may also vary from one substation to another, as well. Needless to say, disruption of such systems can directly or indirectly affect the functioning of vital services.

Industroyer’s dangerousness lies in the fact that it uses protocols in the way they were designed to be used. The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world. Thus, their communication protocols were not designed with security in mind. That means that the attackers didn’t need to be looking for protocol vulnerabilities; all they needed was to teach the malware “to speak” those protocols.

The recent power outage occurred on December 17th, 2016, almost exactly one year after the well-documented cyberattack that caused a blackout that affected around 250,000 households in several regions in Ukraine on December 23rd, 2015.

In 2015, the perpetrators infiltrated the electricity distribution networks with the BlackEnergy malware, along with KillDisk and other malicious components, and then abused legitimate remote access software to control operators’ workstations and to cut off power. Aside from targeting the Ukrainian power grid, there are no apparent similarities in code between BlackEnergy and Industroyer.

Structure and key functionalities

Industroyer is modular malware. Its core component is a backdoor used by attackers to manage the attack: it installs and controls the other components and connects to a remote server to receive commands and to report to the attackers.

What sets Industroyer apart from other malware targeting infrastructure is its use of four payload components, which are designed to gain direct control of switches and circuit breakers at an electricity distribution substation.

Generally, the payloads work in stages whose goals are mapping the network, and then figuring out and issuing commands that will work with the specific industrial control devices. Industroyer’s payloads show the authors’ deep knowledge and understanding of industrial control systems.

The malware contains a few more features that are designed to enable it to remain under the radar, to ensure the malware’s persistence, and to wipe all traces of itself after it has done its job.

For example, the communication with the C&C servers hidden in Tor can be limited to non-working hours. Also, it employs an additional backdoor – masquerading as the Notepad application – designed to regain access to the targeted network in case the main backdoor is detected and/or disabled.

And its wiper module is designed to erase system-crucial Registry keys and overwrite files to make the system unbootable and the recovery harder. Of interest is the port scanner that maps the network, trying to find relevant computers: the attackers made their own custom tool instead of using existing software. Finally, yet another module is a Denial-of-Service tool that exploits the CVE-2015-5374 vulnerability in Siemens SIPROTEC devices and can render targeted devices unresponsive.

Conclusion

Industroyer is highly customizable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analyzed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTECT devices used in electrical substations and other related fields of application.

While in principle it’s difficult to attribute attacks to malware without performing an on-site incident response, it’s highly probable that Industroyer was used in the December 2016 attack on the Ukrainian power grid. On top of the fact that the malware clearly possesses the unique capabilities to perform the attack, it contains an activation timestamp for December 17th, 2016, the day of the power outage.

The 2016 attack on the Ukrainian power grid attracted much less attention than the attack that occurred a year earlier. However, the tool most likely used, Win32/Industroyer, is an advanced piece of malware in the hands of a sophisticated and determined attacker.

Thanks to its ability to persist in the system and provide valuable information for tuning-up the highly configurable payloads, attackers could adapt the malware to any environment, which makes it extremely dangerous. Regardless of whether or not the recent attack on the Ukrainian power grid was a test, it should serve as a wake-up call for those responsible for security of critical systems around the world.

Additional technical details on the malware and Indicators of Compromise can be found in our comprehensive white paper, and on github. For any inquiries, or to make sample submissions related to the subject, contact us at: threatintel@eset.com.

Forget the waste and expense of a fax machine – with Fax Thru Email, you send and receive faxes over the Web, using your own unique fax number. Incoming faxes go directly to your email inbox; you send outgoing faxes right from your email or by logging on to FaxThruEmail.com.

Technology makes it fast, our features make it easy.
Fax Thru Email uses the Internet, rather than a phone line, to send and receive faxes. There’s no equipment to buy or phone line to install – you send faxes directly from any device you use for email or browsing the Internet. View and manage your fax history, including sent/received logs, account information, help and billing details from our easy Web-based manager.

Edwardsville is a borough in Luzerne County, Pennsylvania, 2 miles (3 km) west of Wilkes Barre and also adjacent to the boroughs of Kingston to the north and Larksville to the south. It is mainly a residential place, the population being 5,165 in 1900 and 8,407 in 1910. A substantial decrease in the population has occurred since the population count of 1940, which was 7,998. The population was 4,816 at the 2010 census. Edwardsville was settled in 1768 by settlers from Connecticut. It was incorporated as a borough in 1884.

In lean times, consumers pinch pennies and eliminate most luxuries. From cutting back on extras to more prudent spending and budgeting, people inject a degree of caution into their financial habits. In such a volatile environment, smaller, local businesses count on your patronage in order to stay afloat; every transaction is precious to them. So when deciding where to spend your hard-earned dollars on tonight’s dinner or a gift for a friend, consider the benefits of turning to local, independently owned businesses within your community.

There are far-reaching advantages to deciding to “shop local.” By supporting local businesses, you are in turn supporting your local economy; significantly more money stays in a community when purchases are made at locally owned, rather than nationally owned, businesses. The U.S. Small Business Association and the U.S. Department of Labor report the positive impacts of small, independent business on local economies.

Local businesses are more likely to utilize other local businesses such as banks, service providers, and farms.

For every $100 you spend at local businesses, $68 will stay in the community.

Independent retailers return more than three times as much money per dollar of sales to the community in which they operate than chain competitors. Independent restaurants return more than two times as much money per dollar of sales than national restaurant chains.

Small businesses employ 77 million Americans and accounted for 65% of all new jobs over the past 17 years.

In addition to helping build the local economy, there are also notable intangible benefits that come from supporting businesses in your local community.

Local businesses are owned and operated by your neighbors!

They care about and are invested in the well-being of your community and its future.

Local businesses are more accountable to their local communities and donate more money to non-profits.

Supporting local businesses is good for the environment because they often have a smaller carbon footprint than larger companies.

It isn’t always the easiest or most convenient option to visit a local independent business rather than a large national chain that might be down the street.